Wednesday, January 1, 2014

Wesley's alias development announcement

source: https://bitcointalk.org/index.php?topic=345619.msg4253416#msg4253416

1. I've decided to join forces with ferment (owner of 22k.io), as it's import to cooperate on one of the best features of Nxt and not confuse users with multiple extensions and what not.

2. Now, there is a bit of a difference between my extensions and what 22k.io currently has. I would like some community input on which approach is best.

- 22k.io extensions are "thin clients". The alias entered is immediately sent to 22k.io which then processes the alias; (does a redirect, shows account info, etc.. depending on the alias). This is an advantage because new features can be added easily.

- My extensions are "thick clients". The extension itself processes the alias. It first tries to ask your localhost for the alias URI, if you have the Nxt client running on your computer. If not, it connects to a Nxt node on the internet and asks it for the alias info.

The extension then decides what to do; redirect, open an email, etc..

New features require an update to the extension. I haven't checked yet if auto-update is an option in all browsers.

Which approach is technically best? I don't know. Perhaps a combination of the two could also be done; if the alias is a simple URI or email address, the client handles it, otherwise it's sent to 22k.io which can then show account info, etc...

3. We also have to be careful about security. Especially when it comes to aliases that refer to an account.

If a node is compromised, it could return the attacker's ID instead of the real account ID. This could result in stolen coins if you send to that ID.

That's why it's perhaps better to connect to multiple nodes (3 or more, from different geographical ares) and ask all of them for the alias info, and only if all of them return the same information show the user the result. We also have to make sure that 22k.io is not compromised.

4. I think it's best if this entire project would be handled as a community effort, with some kind of official sanctioning so that users know they can trust the extension/website.

All code, both client side (browser extensions), as well as server side, should also be available for peer review, open-source and hosted on github. I haven't yet got word back from ferment on this.

5. We also need some kind of agreement on the json syntax and other new features.

1 comment:

  1. YoBit lets you to claim FREE COINS from over 100 unique crypto-currencies, you complete a captcha one time and claim as much as coins you need from the available offers.

    After you make about 20-30 claims, you complete the captcha and continue claiming.

    You can click on claim as many times as 50 times per one captcha.

    The coins will stored in your account, and you can convert them to Bitcoins or USD.

    ReplyDelete